Archive for June, 2010

OWNED now available on

My ebook, OWNED: Why hacking continues to be a problem, is now available on I’ve been patiently waiting for Smashwords to resolve its ebook “meatgrinder” issues with Amazon, so that I only have to deal with one publishing channel, but almost two months have passed and I’ve read no word of any progress.

Adding the book into Amazon was incredibly easy.  I signed into the Digital Text Platform site, completed the “Add new item” form and then uploaded the book and cover. After uploading the book, I made sure it looked okay in the Kindle preview window and then clicked the “Publish” button. It took less than 10 minutes. It does take 2-3 days for the book to be buyable, but that’s not a big deal.

I’m really interested in seeing how the book is going to do on Amazon. In a way, the delay was good, because it gave me a chance to establish an online presence through this blog and Twitter.

If you’re interested in previewing the book but don’t have a Kindle, there is Kindle for PC and of course you can preview and purchase the book in many different ebook formats (including Kindle) at The book is also available on the iPad through iBooks.


Unauthorized Ethical Hacking: No good deed goes unpunished

June 29, 2010 1 comment

Some of you may not know this, but an individual needs permission from a company to ethically hack its assets, perform penetration tests or look for vulnerabilities within Web applications.  A person can’t just hack a company’s Website, socially engineer their employees or do Web-based drive by malware installs under the guise of protecting the public’s interests. Doing so will only get the person into trouble – not only with the company, but law enforcement as well.

What people need to realize, is that 15 minutes of fame is not going to prevent them from getting into trouble. Law enforcement is going to pounce on them like a jungle cat on a mouse. If they’re really unlucky, law enforcement will already be monitoring their target and they’ll be arrested as soon as they successfully hack something.

If you know someone that is thinking of becoming a superstar by hacking some company’s Website, please do the person a favor and try to talk the person out of it.

How your Hotmail, Gmail or Yahoo email account may have been hacked

June 27, 2010 4 comments

If your online email account was recently hacked and you don’t know how it happened, you really need to give some thought as to how it might have occured to prevent it from happening again.  Even if your home computer is fully patched, your anti-malware software is up-to-date, and you’re mindful of what email you open and Websites you visit, you may still be at risk. Here are some ways that your password might have been stolen that you may not have considered.

Read more…

Late Night Computer Security: Half asleep at the keyboard

June 26, 2010 2 comments

I was up until 3:30am this morning researching something on the Internet and then all of a sudden, my desktop firewall pops-up a message asking me if I want to allow an unfamiliar “.exe” file to access the Internet.  My firewall is setup, so that anytime an executable that I haven’t marked as safe wants to access the Internet, it prompts me if I want to let it out. “Oh great,” I thought to myself, “I must have been hit by some type of zero-day exploit.” I click the disallow button and right after I click the button I think, “Wait. What was the name of that executable again?” Doh!

So then I’m sitting there thinking to myself, half-awake, that it really doesn’t matter if I go back to that Website, because at this point, I’m just going to save this VMware image for analysis.  I go back to the Website, click on link and sure enough, I get the firewall prompt again. The file is named plugin-container.exe. “What the heck is this?” I think. A quick Google check and yes, you probably already know this – it’s a Firefox process that runs your plug-ins under a separate process.

I recall reading headlines over the past week that Firefox has a new crash protection feature, but I didn’t realize this was it.  The crash feature is mentioned in the release notes and on Mozilla’s blog, but there is no mention that this feature spawns a new process named plugin-container.exe. Lame.

I hate when stuff like this happens, but I guess it’s to be expected when I’m half asleep at the keyboard.

What’s up with the Trusted Computing Group?

June 26, 2010 6 comments

After reading the post and comments at Cyber Arms the other day about Trusted Computing (TC) and the Trusted Platform Module (TPM), I decided to spend some time at the Trusted Computing Group Website.   I was introduced to the concepts behind TC several years ago and while I agree that it has its strong points, I have my own concerns and issues with the technology that I won’t get into here.  As a result, I haven’t paid much attention to its development over the years.

While browsing the TCG Website, I stumbled upon an article that struck me in a negative way:

Read more…

An open letter to Bill Gates, Steve Jobs, Paul Otellini, Steve Ballmer, Dirk Meyer, Michael Dell, Larry Ellison and Jim Whitehurst


As you know, the world has been fighting hackers for over 15 years. Despite best efforts to secure networks and computers against compromise, we continue to lose systems, credentials and information to the enemy every day. Direct attacks against vulnerable assets, social engineering, phishing, taking advantage of poor security practices, malicious email and infectious Websites continue to be effective across the entire globe. No one is safe. We clearly have a problem and there are no indications that the situation will improve anytime in the near or distant future.

The reason why I am addressing you regarding this matter, is because collectively, you are the only ones that can initiate the changes necessary to make computing secure.  Here’s why:

Read more…

National Cybersecurity, Politicians, Black Hat Magic and White Lies

June 22, 2010 4 comments

Across the globe, world leaders are being briefed about the threats and risks to critical infrastructure and national security. Politicians are being told tales of cyberwar, disruptions to power and transportation systems, financial chaos and what could be the end of civilization as we know it.  Technical gurus demonstrate how easy it is to compromise and take control of a system, like the main act in the center ring of a circus, to instill shock and awe into the crowd of curious onlookers. And why are these things being done? To gain support for cybersecurity initiatives and spending against the threat de jour – the hacker.

But is everything being presented the truth, the whole truth and nothing but the truth? I’m not so sure that it is.

Read more…